1. Field of the Invention
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for processing. Still more particularly, the present invention relates to a computer implemented method, apparatus, and computer usable program code for performing security actions on data packets.
2. Description of the Related Art
Malware software is designed to infiltrate or damage a computer system. Malware includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious and unwanted software. This type of software also is referred to as a computer contaminant. Programs and devices have been developed to prevent and reduce the spread of malware. Network security for many businesses is set up in multiple layers.
In today's computing environment, using a firewall at an Internet access point is no longer adequate to protect a network. A firewall is a security device that is configured to permit, deny, or proxy data connections set and configured through a security policy. Firewalls may be either hardware and/or software based. Virus scanners are also implemented at mail components, such as gateways and mail servers. Even laptops and personal computers include virus scanning software. Additionally, even firewalls and internal secure routers often include pattern matching virus scanning capabilities.
In addition to virus scanners, other software to locate and remove other malware such as spyware and Trojan horses are also employed at these types of security devices. These multiple levels of security are inefficient because the same data may be scanned multiple times for the same type of malware. Coordinating the scanning or performance of security actions is difficult given the complexity of network security.
For example, a laptop in a network may be configured to trust incoming mail with knowledge that the mail server runs a virus scan on all e-mail. However, another internal computer may be infected with a virus and send an e-mail message to the laptop, bypassing the mail server. The safest action is to scan all incoming e-mail messages to avoid the situation in which a direct e-mail may contain a virus or other malware.
Further, a data packet may enter through a firewall, which determines whether the origin of the data packet is trusted. This data packet may then travel to a mail gateway, which performs a virus scan. Thereafter, the data packet is transferred onto a host computer, which runs another virus scan on the data packet.
This type of redundancy is inefficient given the cost for scanning data packets. The amount of time and processor resources needed to scan all incoming data packets is costly in terms of performance and time. These layers of security, however, are still needed because any infected computing device such as a laptop, may be brought into an organization and connected to the network, which may attack the host computer directly.
Therefore, it would be advantageous to have a computer implemented method, apparatus, and computer usable program code for efficiently performing security actions on data packets.